From 57f515cd0fe7f2b58874bd4a9f7c65249df14482 Mon Sep 17 00:00:00 2001
From: Adrien Beaudouin
Date: Sun, 11 Oct 2020 12:37:02 +0200
Subject: [PATCH] no need for explicit csrf
---
 docs/guide/authentication.md | 2 +-
 packages/admin/src/providers/auth/sanctum.js | 6 ------
 2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/docs/guide/authentication.md b/docs/guide/authentication.md
index 47c66fe2..8d085451 100644
--- a/docs/guide/authentication.md
+++ b/docs/guide/authentication.md
@@ -75,7 +75,7 @@ The [Laravel Sanctum Provider](https://github.com/okami101/vuetify-admin/blob/ma
 This is actually the recommended provider for Laravel if your app is on the same main domain (which is 99% use cases), because it's more secure (insensitive to XSS attacks thanks to HttpOnly cookies) and it works seamlessly with impersonation feature as well as the elFinder File manager.
 ::: warning CSRF
-As always with all based-cookies authentication system, you'll need a specific `csrf` route in order to get the XSRF token. Default is set to `/sanctum/csrf-cookie` so you have not to do anything if you use Laravel Sanctum with default config.
+As always with all based-cookies authentication system, you'll need a specific CSRF token. The first required call to `/api/user` will automatically set the CSRF cookie for you. By calling this URL, a local `XSRF-TOKEN` cookies will be stored with HttpOnly set to `false`. This allows axios to fetch it and set it as header request via `X-XSRF-TOKEN` for every next requests. Don't forget to set `withCredentials` axios config to `true` order to include session cookies on ever XHR request.
 :::
diff --git a/packages/admin/src/providers/auth/sanctum.js b/packages/admin/src/providers/auth/sanctum.js
index 7b6a584a..28fb147f 100644
--- a/packages/admin/src/providers/auth/sanctum.js
+++ b/packages/admin/src/providers/auth/sanctum.js
@@ -14,7 +14,6 @@ export default (axios, params = {}) => {
 login: "/login",
 logout: "/logout",
 user: "/api/user",
- csrf: "/sanctum/csrf-cookie",
 },
 getCredentials: ({ username, password, remember }) => {
 return {
@@ -33,11 +32,6 @@ export default (axios, params = {}) => {
 return {
 [LOGIN]: async ({ username, password, remember }) => {
- /**
- * Get CSRF cookie
- */
- await axios.get(routes.csrf);
-
 let response = await axios.post(
 routes.login,
 getCredentials({ username, password, remember })
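Review bot: Dropping the `csrf` key from the default `routes` table silently ignores a `routes.csrf` that callers may still pass in `params`, and together with the following hunk (which runs past the end of this chunk) it makes the very first `/login` POST depend on an `XSRF-TOKEN` cookie that already exists in the browser. Laravel only issues that cookie on a response that went through its CSRF middleware, so if the SPA shell is not served by Laravel itself (a separate front-end origin or a static host), a fresh session has nothing to put in `X-XSRF-TOKEN` and the login would presumably be rejected with a 419 before `/api/user`, which the docs hunk now relies on, is ever reached. A backward-compatible shape is to keep the route as an opt-in: `csrf: null,` in the defaults, and in the login handler `if (routes.csrf) await axios.get(routes.csrf); // pre-fetch XSRF-TOKEN when the page was not served by Laravel`. The enclosing `export default (axios, params = {}) => {` factory starts and ends outside this hunk.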